Improper Authorization in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 Allows Remote Password Reset (CSCuv12338)

Improper Authorization in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 Allows Remote Password Reset (CSCuv12338)

CVE-2015-4319 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.

Learn more about our Cis Benchmark Audit For Cisco.